Citrix Gateway

Configuring Post-Authentication Policies

A post-authentication policy is a set of generic rules that the user device must meet to keep the session active. If the policy fails, the connection to Citrix Gateway ends. When you configure the post-authentication policy, you can configure any setting for user connections that can be made conditional.

Note: This functionality works only with the Citrix Gateway plug-in. If users log on with Citrix Receiver, the endpoint analysis scan runs at logon only.

You use session policies to configure post-authentication policies. First, you create the users to which the policy applies. Then, you add the users to a group. Next, you bind session, traffic policies, and intranet applications to the group.

You can also specify groups to be authorization groups. This type of group allows you to assign users to groups on the basis of a client security expression within the session policy.

You can also configure a post-authentication policy to put users in a quarantine group if the user device does not meet the requirements of the policy. A simple policy includes a client security expression and a client security message. When users are in the quarantine group, users can log on to Citrix Gateway; however, they receive limited access to network resources.

You cannot create an authorization group and a quarantine group by using the same session profile and policy. The steps for creating the post-authentication policy are the same. When you create the session policy, you select either an authorization group or a quarantine group. You can create two session policies and bind each policy to the group.

Post-authentication policies are also used with SmartAccess. For more information about SmartAccess, see Configuring SmartAccess on Citrix Gateway.

Configuring Post-Authentication Policies